Vague Errors and No, You Can’t Be An Admin on Your Workstation

In real estate, it's all about location, location, location. In today’s Windows workplace environment, it's all about security, security, security. Legacy apps present challenges because they want to do things that are not going to work in our environment. For example, this vague error when our user is trying to run an app:

Not a lot to go on, but our helpdesk was able to get it to work by running the app in an elevated state, and I knew then that this app obviously wasn’t designed with security in mind. No doubt, the app was trying to modify one or more of its files that were in a location locked down by the secure Windows 7 file system. The user wanted to be admin to work around it. “Sorry, but we can’t give you that kinda juice.” But we could likely change the security permissions on the file and grant Users the right to modify it … assuming that was the case. Taking a look with Process Monitor, I ran the app, set a filter for Access Denied on the file system and got the following:

Yep, legacy apps think nothing of putting stuff inside C:\Windows, but this is bad practice today because standard user accounts will not have the necessary privileges to create and modify any files placed here. The workaround in this case (because the user insists they really need this app) was to change the security permissions on the files the app was trying to write to, giving Users Modify permissions:
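
The same two steps can be scripted. This is an added example, not from the original post: it reads a Process Monitor CSV export, collects the files the app was denied on, and grants Users Modify on those files only. It assumes ProcMon's default column names, PowerShell 3.0 or later and an elevated prompt; the script parameters and the backup file name are placeholders.

```powershell
# Added example. Parameter values are supplied by you; none come from the original post.
param(
    [Parameter(Mandatory = $true)] [string] $ProcmonCsv,   # ProcMon export: File > Save > CSV
    [Parameter(Mandatory = $true)] [string] $ProcessName,  # image name of the legacy app
    [string] $BackupFile = '.\acl-backup.csv'              # placeholder path for the rollback record
)

# BUILTIN\Users by well-known SID, so the script also works on non-English Windows.
$users = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
$rule  = New-Object System.Security.AccessControl.FileSystemAccessRule($users, 'Modify', 'Allow')

# Distinct paths on which this process received ACCESS DENIED.
$paths = Import-Csv -Path $ProcmonCsv |
    Where-Object { $_.Result -eq 'ACCESS DENIED' -and $_.'Process Name' -eq $ProcessName } |
    Select-Object -ExpandProperty Path -Unique

foreach ($path in $paths) {
    # Only existing files are changed. Directories (C:\Windows itself, for example)
    # and paths that do not exist are skipped so the grant stays as narrow as possible.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "Skipped (not an existing file): $path"
        continue
    }

    $acl = Get-Acl -LiteralPath $path

    # Record the original DACL as SDDL before touching it, for rollback or audit.
    New-Object psobject -Property @{
        Path = $path
        Sddl = $acl.GetSecurityDescriptorSddlForm('Access')
    } | Export-Csv -Path $BackupFile -Append -NoTypeInformation

    # Add an explicit Allow/Modify entry for Users on this one file.
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $path -AclObject $acl

    # Show the resulting Users entries so the change can be confirmed.
    (Get-Acl -LiteralPath $path).Access |
        Where-Object { $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $users } |
        Select-Object @{ n = 'Path'; e = { $path } }, FileSystemRights, AccessControlType, IsInherited
}
```

Review the path list before applying it: a file that standard users can modify inside C:\Windows should be data the app writes, not an executable or DLL that something else loads.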